@RSnake: That's what I am talking about - you can't generalize which input is allowed and which not - so you have to categorize/tag the filter rules and let them learn. At the moment we are using a configuration array based on the model to tell the filter what rules have to be applied.

BTW, in around one week we are planning to go online with the IDS - I will keep you informed about the results...

What do you think? Furthermore, do you think there is a way to detect SQL injections as precisely as possible? I sometimes wonder what the ideal initial probing would look like when it comes to SQL injections - what patterns are there besides %item OR 1 = 1 or the UNIQUE queries?

Thanks, WhiteAcid, but sorry, I don't get what you want to say :/
Could you maybe leave the code out and first describe what caught your attention?

Ah, and which version is that? I'm aware of the fact that we have no version handling at this time; that's my fault, I'm sorry. You can get the youngest version from here: http://phpids.googlecode.com/svn/trunk/

This first one you should probably know...
http://phpids.googlecode.com/svn/trunk/docs/examples/example.php

The second one is pretty fresh - just finished typing. It is designed to show how to work with the PHPIDS Impact - it also shows how to embed the IDS in a framework like CakePHP.
http://phpids.googlecode.com/svn/trunk/docs/examples/example_cakephp_component.php

OK. Well... I made two suggestions for change. Firstly I added some error checking to IDS::__construct(), but looking at the code christ1an linked to, this change is totally redundant. Ignore it.

The second suggestion was simply to speed the process up a bit. You weren't using PHP's array_walk where it would be ideal to use it. Making this change would require you to switch the order of the attributes in IDS::iterate(), as I also showed in the diff.

Thanks for the example, and sorry it took me a while to respond. I actually saw your posting and I was in the middle of something else so the posting didn't quite register in my head until this morning. :)

Umm.. that example for CakePHP was more advanced than what my knowledge is. I was looking for something more along the lines of:

What you guys might consider creating is an index.php file in itself that will include some 'default' settings with comments so that users can change that. Then a PHP dummy like myself would only need one 'require_once' line. :)

Working with PHP for years, I've come to know that the smaller a regular expression is, the faster it gets run. Speed is essential, especially when it comes to iterating over arrays or testing large strings. Many of the regular expressions can be optimized for speed and readability.